<?php
// Login form: when no sub-action is selected ($do compares loosely equal to ''),
// render the login template. $do, smarty and smarty_header() come from outside this file.
if($do==''){
	// smarty_header() runs after the template engine is created and before the page is displayed.
	$smarty=new smarty();smarty_header();
	$smarty->display('login.htm');
}
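// Login handling: validate the posted credentials, look the administrator up,
// and establish the admin session on success.
//
// $do, $db, $db_prefix, password(), message(), admin_log() and clear_cache()
// are defined outside this file.
if($do=='login'){
	// Accept only string fields. A parameter posted as an array would otherwise
	// reach trim(); it is treated as missing and rejected by the checks below.
	$admin_name=(isset($_POST['admin_name'])&&is_string($_POST['admin_name']))?trim($_POST['admin_name']):'';
	$admin_password=(isset($_POST['admin_password'])&&is_string($_POST['admin_password']))?trim($_POST['admin_password']):'';

	// Legacy denylist kept for compatibility; needles are applied in the listed order.
	// The backslash is stripped together with the quote characters because the value is
	// placed inside a quoted SQL literal, where a backslash is commonly an escape
	// character (the database backend is not visible here -- confirm).
	// NOTE(review): stripping characters and keywords is not a dependable defence for a
	// string-built query. Move this lookup to whatever parameter binding or escaping the
	// $db layer provides, and drop the keyword stripping, which also alters legitimate names.
	$admin_name=str_replace(array('\\','#','=',"'",'"','%','and','select'),'',$admin_name);

	// One if/elseif chain, so a rejected request can never reach the session
	// assignment even if message() does not terminate the request (its behaviour
	// is not visible here -- confirm).
	if(empty($admin_name)){
		message(array('text'=>'对不起，管理员不能为空！','link'=>''));
	}elseif(empty($admin_password)){
		message(array('text'=>'对不起，密码不能为空！','link'=>''));
	}else{
		// NOTE(review): the query is still assembled by concatenation; see the note above.
		// password() is presumably the project's password-hashing helper -- confirm that it
		// is a salted, slow hash and that its output is safe inside a quoted literal.
		$row=$db->getone("SELECT * FROM ".$db_prefix."admin WHERE admin_name='".$admin_name."' AND admin_password='".password($admin_password)."' ");
		if(!$row){
			// NOTE(review): failed attempts are not passed to admin_log(); recording them
			// would give operators something to detect password guessing with.
			message(array('text'=>'对不起，登陆失败！','link'=>''));
		}elseif($row['admin_state']==0){
			// admin_state 0 is treated as a locked account.
			message(array('text'=>'您的帐号已经被锁定！','link'=>''));
		}else{
			// Issue a fresh session id at the privilege change, so an id that was known
			// before authentication does not carry the admin session (session fixation).
			// Skipped when no session is active.
			if(session_id()!==''){
				session_regenerate_id(true);
			}
			$_SESSION['admin_id']=$row['admin_id'];
			$_SESSION['admin_name']=$row['admin_name'];
			$_SESSION['admin_permissions']=$row['admin_permissions'];
			admin_log('login','system',$_SESSION['admin_name']);
			clear_cache();
			message(array('text'=>'恭喜您，正在登陆中...','link'=>'?action=start'));
		}
	}
}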
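// Logout handling: record the logout, drop the admin keys from the session,
// clear the cache and show the confirmation message.
if($do=='logout'){
	// The request may arrive without an admin session; read the name defensively
	// so the log call does not raise an undefined-index notice.
	// NOTE(review): a logout entry is still written when nobody is logged in -- confirm
	// that this is wanted, since it lets unauthenticated requests add audit-log rows.
	$logged_out_name=isset($_SESSION['admin_name'])?$_SESSION['admin_name']:null;
	admin_log('logout','system',$logged_out_name);
	// Only the three admin keys are removed; any other session data is left in place.
	unset($_SESSION['admin_id'],$_SESSION['admin_name'],$_SESSION['admin_permissions']);
	clear_cache();
	message(array('text'=>'恭喜您，成功退出系统！','link'=>get_self()));
}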
?>